mirror of
https://github.com/torvalds/linux.git
synced 2024-11-24 21:21:41 +00:00
f40998a8e6
If enabled, we fallback to the platform keyring if the trusted keyring doesn't have the key used to sign the ipe policy. But if pkcs7_verify() rejects the key for other reasons, such as usage restrictions, we do not fallback. Do so, following the same change in dm-verity. Signed-off-by: Luca Boccassi <bluca@debian.org> Suggested-by: Serge Hallyn <serge@hallyn.com> [FW: fixed some line length issues and a typo in the commit message] Signed-off-by: Fan Wu <wufan@kernel.org> |
||
---|---|---|
.. | ||
apparmor | ||
bpf | ||
integrity | ||
ipe | ||
keys | ||
landlock | ||
loadpin | ||
lockdown | ||
safesetid | ||
selinux | ||
smack | ||
tomoyo | ||
yama | ||
commoncap.c | ||
device_cgroup.c | ||
inode.c | ||
Kconfig | ||
Kconfig.hardening | ||
lsm_audit.c | ||
lsm_syscalls.c | ||
Makefile | ||
min_addr.c | ||
security.c |